100% Security is unattainable.

0% Risk is unachievable.

The Cyber Security Sphere - Understanding the Threats and Mitigating the Risk

If an IT company promises you 100% Security for your data with 0% risk - remember they're 100% taking you for a ride and they have 0% faith in what they're saying. First point of security - DO NOT let them near your assets!

Risk will always be a part of our lives. Unless we refrain from ever doing anything ever again. We all take risks in our ungainsayable quests for opportunities and prosperity that the internet can provide.

To seize on fortuitous moments born from using the internet - a level of risk has to be accepted.

What level of risk would you consider tolerable?

If your tolerance for risk is low and the consequences of losing your security, privacy or anonymity are high then the more security controls you may want and the more advanced they may need to be. The downside to this is it may restrict the usability of your systems and reduce your productivity.

If your tolerance is high and consequences are low – the less security controls you will require and little effect on your productivity unless, God forbid, you suffer a potentially business-ending cyber-attack, which would leave you with the thought 'if only we listened!'.

Security is a balance between:

  • Practicality and Security.
  • Risk and Opportunity.

Security can get in the way at times. It can be impractical and make it increasingly difficult to use your systems. A sensible approach would be to choose security controls fit for the purposes of your business while at the same time be in line with your tolerance for risk.

Knowing to what degree you truly understand cyber security as well as your individual threat landscape will provide background information on potential threats to your business and existing vulnerabilities in it. This information will guide you in making an informed choice concerning your need for security, privacy or anonymity and a greater understanding of your tolerance for risk.

A risk-based approach to security is a sensible approach. Knowing that 100% security is unattainable should signify a risk-based approach is critical in order to protect your data. A justifiable level of security will mitigate the risks without being over-demanding on the usability of your systems.

Only you can choose the level of security necessary to protect your assets. Click here to weigh up the pros and cons of security vs. privacy vs. anonymity to assist you in deciding what security controls are best suited for your business.

Huw Tremlett

Data Management Consultant

Huw Tremlett